3 Replies Latest reply on Sep 5, 2011 5:43 PM by Scott McLaughlin

    web container security hardening

    Scott McLaughlin Newbie

      I am starting to work with JBoss 7 and I am tryinbg to figure out how to do some web container hardening so the feature requests can be submitted if the features are currently not available as there items are required before this version can be supported in my environment. 

       

       

      1) Removing or nulling out the value of the "Server" http header.   This was handled before by adding the server=" " attribute to the jbossweb server.xml

      2) Disabling HTTP methods at a URL level

             ie Disable PUT, TRACE, DELETE, OPTIONS for the "/" but allowing it for "/<application name>

             Tjhis used to be a configuration in the web.xml of jbossweb